[K12OSN] home directory permissions

[Tim Born]

If your users have figured out a way to change perms on /home/* you have 
a security hole that needs a bigger patch than a cron job.  Gotta find 
the source of the problem and fix it properly.

James P. Kinney III wrote:

>Hmm. The default user setup is 700. So unless the students are changing
>things something is wrong with the permission controls from Likewise.
>
>chmod 700 /home/*
>
>That will reset the permissions on all directories in /home .
>If the problem recurs, make it a cron job as follows:
>
>crontab -e
>
>Now PgDn to the bottom of the file and hit "A" (capital letter A for
>Append) and hit the enter to start a new line
>
>now type in:
>
>* 7,11 * * * chmod 700 /home/*
>
>then hit <Esc> then :wq
>
>(yes this is a vi environment - it's good to know at least the basics!)
>
>So now, every day at 7 and 11 am all directories will be reset to perms
>700. If you want to do it every 2 hours, change the 7,11 to be */2 . If
>you want 3pm only, use 15 instead of 7,11 .
>
>If you don't want an email of everytime it runs make the first line of
>the crontab :
>
>MAILTO=''
>
>But I would look into WHY and HOW the perms were changed in the first
>place. Something is amiss!
>On Thu, 2008-07-10 at 06:54 -0700, Ernie Hudson wrote:
>  
>
>>Does anyone have an easy way to change the permissions on the home
>>directories so that only the owner has access to it. We have some very
>>bright students and they have found out that they can copy work from
>>someone else and have more free time. I am using the 5EL and have
>>single sign on using likewise open from my windows server using active
>>directory. I know I can change them one at a time using “chmod 700
>>filename”. I am not adept at writing scripts and hoping someone can
>>help.
>>
>> 
>>
>> 
>>
>>outlook signature
>>
>> 
>>
>>
>>
>>
>>______________________________________________________________________
>>Statement of Confidentiality: The contents of this e-mail message and
>>any attachments are intended solely for the addressee. The information
>>may also be confidential and/or legally privileged. This transmission
>>is sent for the sole purpose of delivery to the intended recipient. If
>>you have received this transmission in error, any use, reproduction,
>>or dissemination of this transmission is strictly prohibited. If you
>>are not the intended recipient, please immediately notify the sender
>>by reply e-mail, send a copy to postmaster at snowlineschools.com and
>>delete this message and its attachments, if any.
>>
>>E-mail is covered by the Electronic Communications Privacy Act, 18 USC
>>SS 2510-2521 and is legally privileged.
>>
>>-- 
>>This message has been scanned for viruses and 
>>dangerous content by MailScanner, and is 
>>believed to be clean. 
>>_______________________________________________
>>K12OSN mailing list
>>K12OSN at redhat.com
>>https://www.redhat.com/mailman/listinfo/k12osn
>>For more info see <http://www.k12os.org>
>>    
>>